Peep show: inside the world of unsecured IP security cameras

Want to peer into businesses around the world, look through red light cameras …

If you’re in public, you’re on camera. If you walk into a coffee shop, the owner gets you at the register. Visit a larger store, and chances are they have your face as soon as you cross the threshold. At least one or two of your neighbors catch you on camera when you walk around your neighborhood, and many cities monitor traffic using red light cameras at major intersections. The question is no longer if you’re on camera, but rather how many different angles you were caught on while going about your day.

With so much monitoring taking place, and with surveillance systems gaining more online functionality every year, it’s natural that securing these systems would become... complicated. And that many many are secured incorrectly or not at all. Because so many cameras and surveillance systems are completely open, it's possible for anyone with Internet access to watch literally thousands of cameras online using only Google and a kindergartener’s understanding of the 'Net. With a little time and patience, almost any given system, from a set of residential cameras to those used by your local police, can be accessed, viewed, and even reset if not properly secured. Of course, if you can do this, it means that anyone can do it.

Feel safer yet?

Surveillance on the Internet

Though they are relative newcomers to the surveillance market, IP cameras caught on quickly and are rapidly stealing market share and consumer preference from traditional (analog) cameras. In an analog system, all cameras need to be wired directly back to a central recording system using analog cable (typically RG-59 or RG-6 coaxial). Installation can be a financial and practical nightmare, especially on larger properties where there may be hundreds or even thousands of feet between cameras and their base station.

IP cameras often present an attractive alternative. Using the same basic technology that your computer uses, IP cameras take their own IP addresses and stream video directly onto a network without connecting to a DVR or control platform. Larger systems can integrate multiple IP cameras together using an NVR (network video recorder) that connects to and records multiple cameras at the same time. This capability can cut installation cost by literally thousands of dollars on sites where analog cameras would require long or complex cable runs.

Additionally, IP cameras frequently offer the additional benefits of higher resolution (with some models capable of 10 megapixels or more) and a more familiar platform for users to work with, meaning that they are also frequent favorites for smaller installations, too. Many forward-looking government, commercial, and even residential users are already standardizing their security on an entirely IP-based system, and most surveillance industry insiders feel this trend will continue into the foreseeable future.

Once an IP camera is installed and online, users can access it using its own individual internal or external IP address, or by connecting to its NVR (or both). In either case, users need only load a simple browser-based applet (typically Flash, Java, or ActiveX) to view live or recorded video, control cameras, or check their settings. As with anything else on the Internet, an immediate side effect is that online security becomes an issue the moment the connection goes active.

Though most NVRs require usernames and passwords for access, many individual cameras do not. An NVR can have the most advanced password imaginable, but if its remote cameras are online and unprotected, anyone with a web browser can completely bypass the system's security, no hacking required.

Regardless of where a system is installed, if it has any online presence whatsoever, it’s vulnerable. All it takes is time and some skillful Googling to gain access.

Screen capture of a common camera interface

Finding open doors

Finding IP cameras with Google is surprisingly easy. Though the information the search engine provides on the cameras themselves is typically little more than an IP address and a camera name or model number, Google still provides those who know how to ask with extensive lists of IP cameras and Web-enabled surveillance systems throughout the world.

The secret is in the search itself. Though a standard Google search typically won’t find anything out of the ordinary, pairing advanced search tags (“intitle,” “inurl,” “intext,” and so on) with names of commonly-used cameras or fragments of URLs will provide direct links to watch live video from thousands of IP cameras.

For example, a standard Google search for “Axis 206M” (a 1.3 megapixel IP camera by Axis) yields pages of spec sheets, manuals, and sites where the camera can be purchased. Change the search to “intitle: ‘Live View / - AXIS 206M,’” though, and Google returns 3 pages of links to 206Ms that are online and viewable. The trick is that instead of searching for anything related to the 206M, the modified search tells Google to look specifically for the name of the camera’s remote viewing page.

Some cameras are even easier than that. For instance, though a search for “intext:’MOBOTIX M10’ intext:’Open Menu’” will bring up direct links for M10s that are online and ready to be viewed, simply searching “Mobotix M10,” the make and model of the camera returns basically the same results. It’s just a matter of knowing which cameras are online and how their remote viewers are structured. Though some of the links will be to cameras that are password protected or to cameras that were deliberately left open for public viewing, the vast majority will belong to users who intended them to be private.

As IP cameras became more popular and this Google trick became better known, entire communities sprung up around finding and watching unsecured cameras; many larger forums (such as 4chan and SomethingAwful) have had large threads on the topic. To make access easier, members of these groups have posted pages of Google-ready search strings that grant access to dozens of different camera makes and models, meaning virtually anyone can get started with just a little effort. No technical knowledge, finesse, or prior experience needed; one need only find a list of search terms (an easy task with any search engine) and start copying and pasting into Google.

It's so easy even a freelance journalist can do it. I fired up my browser, found a list of search terms, and went exploring.

Still, as those who are reading this article on their neighbor’s unsecured wireless network can tell us, there will always be users who just don’t bother to read the manual or who just never get around to setting up even basic security, so there will also be those who make a hobby of finding and watching these cameras. If you leave your blinds wide open, you really shouldn’t be surprised when you discover someone looking through your windows.

Hey everyone I'm naked!*

*Waits for the lawsuits to start.

Seriously I can see this being useful for example if you're wondering what the conditions are going to be like somewhere before you go there. Also there should already be wireless but NOT IP cameras on the market. Giving one the advantages without the downside.

These things are quite insecure, since they mostly use things like FTP, and lots of other nasty stuff that doesn't use encryption. Of course I am not really sure what good it would do anyone, unless you like monitoring people walking around 99.9% of the time, the other .1% is at 2:00am when the bars get out, or when a thief is trying to break in, and most of these people are too stupid or drunk to try to get the video back.

In that last picture, you're basically looking at a (tiny) part of the Texas A&M campus. I used to wonder what that camera could possibly see...now I realize not much. I suppose it would help ID the course of an accident.

Regarding the article, I can't imagine that given the inability of all too many businesses (and even large corproations) to properly secure web services that this comes as any surprise. It's just going to be very embarassing when they find the changing room cameras at a department store...

Because so many cameras and surveillance systems are completely open, it's possible for anyone with Internet access to watch literally thousands of cameras online using only Google and a kindergartener’s understanding of the 'Net.

I wouldn't call your specific search terms a kindergatner's understanding. Maybe I'm reading it wrong and you are just talking about the concept of searching?

Ah, yes, I did this a few years ago. I ended up settling on a PTZ camera in someone's back yard, watching them gardening. I frantically panned the camera left and right as to tell them "this isn't secure!", but they just gave it a quizzical and rather peculiar look before going back about to their daily tasks.

Kind of interesting to see that Wellborn @ George Bush image from College Station, Texas. I was trying to find some of these cameras from that town before I turned to page two and then I see that. That area looked more run down than I remember it from a few weeks ago, though. Must be the image quality.

It can be argued that all government operated public surveillance cameras should be open to public viewing. If they're watching us, then we should have the right to see who, what, and where they're watching. Cameras in sensitive, restricted, and classified areas excepted, of course.

@AlexIsAlex, I can think of two ways to look at it. Unauthorized access of private property is illegal regardless of circumstance OR a public access point is as good as permission to access private property regardless of whether the victims of these non-security cams knew about the security flaws. You are unlikely to be arrested for accessing a camera that is easily accessible through Google’s index or a hyperlink given the people with these cameras are unlikely to know anyone had ever spied on them. Doubt the cameras even keep a log of the IP addresses of every machine accessing them.

Disclaimer: none of the above is legal advice of any kind, just conjecture.

Sounds like a ripe idea for one of those AR games often used to publicise games or movies. In fact, I'm surprised Valve haven't done anything with webcams for Portal 2 (though their AR game involving the dial-up BBS was pretty damned awesome).

I find the article's claims of 'public porn' cameras to be preposterous and without merit. For the sake of journalistic integrity, I require the IP addresses for independent vigorous verification of the evidence.

Can't make the trip to verify, but is that intersection camera a traffic monitoring camera or a red light camera? All the RL cams in our area are mounted on the side of the road. The overhead shots are just monitoring, delivering nothing but fixed angle images for planners to utilize on an as-needed basis.

I find the article's claims of 'public porn' cameras to be preposterous and without merit. For the sake of journalistic integrity, I require the IP addresses for independent vigorous verification of the evidence.

A friend showed me how to do this a few years back it is amazing what you find.

So true, I once saw a shoplifting in a small fishing shop when I was watching their cameras. I was actually already panning the camera so that it followed the guy who stole from the shop before he stole anything, he looked shady when he came in. Hopefully that helps them.

That one incident was exciting, but most unsecured cameras are mind-numbingly dull.

That makes sense; I was wondering why that was ostensibly a red light camera. College Station shut down their program late 2009. I can't count the number of times I've been through that intersection (2004 graduate from A&M, and my in-laws live in CS).